0
(0)

 Note

We’ve renamed Microsoft Cloud App Security. It’s now called Microsoft Defender for Cloud Apps. In the coming weeks, we’ll update the screenshots and instructions here and in related pages. For more information about the change, see this announcement. To learn more about the recent renaming of Microsoft security services, see the Microsoft Ignite Security blog.

Cloud Discovery data anonymization enables you to protect user privacy. Once the data log is uploaded to the Microsoft Defender for Cloud Apps portal, the log is sanitized and all username information is replaced with encrypted usernames. This way, all cloud activities are kept anonymous. When necessary, for a specific security investigation (for example, a security breach or suspicious user activity), admins can resolve the real username. If an admin has a reason to suspect a specific user, they can also look up the encrypted username of a known username, and then start investigating using the encrypted username. Each username conversion is audited in the portal’s Governance log.

Key points:

  • No private information is stored or displayed. Only encrypted information.
  • Private data is encrypted using AES-128 with a dedicated key per tenant.
  • Resolving usernames is done ad-hoc, per-username by deciphering a given encrypted username.

How data anonymization works

  1. There are three ways to apply data anonymization:
    • You can set the data from a specific log file to be anonymized, by creating a new snapshot report and selecting Anonymize private information.
      Anonymize snapshot data.
    • You can set the data from an automated upload for a new data source to be anonymized by selecting Anonymize private information when you add the new data source.
      Anonymize log data.
    • You can set the default in Defender for Cloud Apps to anonymize all data from both snapshot reports from uploaded log files and continuous reports from log collectors as follows:
      1. Select Settings > Cloud Discovery settings.
      2. In the Anonymization tab, to anonymize usernames by default, select Anonymize private information by default in new reports and data sources. You can also select Anonymize device information by default in ‘Win10 Endpoint Users’ report.
      3. Click Save.

      Anonymization settings page.

  2. When anonymization is selected, Defender for Cloud Apps parses the traffic log and extracts specific data attributes.
  3. Defender for Cloud Apps replaces the username with an encrypted username.
  4. It then analyzes cloud usage data and generates Cloud Discovery reports based on the anonymized data.

    Anonymize Cloud Discovery dashboard.

  5. For a specific investigation, such as an investigation of an anomalous usage alert, you can resolve the specific username in the portal and provide a business justification.

     Note

    The following steps also work for device names on the Devices tab.

    To resolve a single username

    1. Click on the three dots at the end of the row of the user you want to resolve and select Deanonymize user.

      Anonymize user table.

    2. In the pop-up, enter the justification for resolving the username and then click Resolve. In the relevant row, the resolved username is displayed.

       Note

      This action is audited.

      Anonymize resolve pop-up.

    The following alternative way to resolve single usernames can also be used to look up the encrypted username of a known username.

    1. Under the Settings cog, select Cloud Discovery settings.
    2. In the Anonymization tab, under Anonymize and resolve usernames enter a justification for why you’re doing the resolution.
    3. Under Enter username to resolve, select From anonymized and enter the anonymized username, or select To anonymized and enter the original username to resolve. Click Resolve.

      Resolve anonymization pop-up.

    To resolve multiple usernames

    1. Either select the checkboxes that appear when you hover over the user icons by the users you want to resolve or, in the top-left, corner select the Bulk selection checkbox.

      Anonymize bulk resolve.

    2. Click Deanonymize user.
    3. In the pop-up, enter the justification for resolving the username and then click Resolve. In the relevant rows, the resolved usernames are displayed.

       Note

      This action is audited.

      Anonymize resolve pop-up.

  6. The action is audited in the portal’s Governance log.

    Anonymization action in governance log.

Next steps

If you run into any problems, we’re here to help. To get assistance or support for your product issue, please open a support ticket.

Source : Official Microsoft Brand
Editor by : BEST Antivirus KBS Team

How useful was this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.